From 297259762228a2e7d7842d52074cf06c90cd7270 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sat, 22 Sep 2012 15:01:55 +0400 Subject: [PATCH] fix SSL host verification not being disabled by "trust all hosts" --- AndroidManifest.xml | 4 ++-- src/org/fox/ttrss/ApiRequest.java | 8 ++++++++ src/org/fox/ttrss/FeedsFragment.java | 8 ++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/AndroidManifest.xml b/AndroidManifest.xml index a7a51cf7..28602575 100644 --- a/AndroidManifest.xml +++ b/AndroidManifest.xml @@ -1,8 +1,8 @@ + android:versionCode="106" + android:versionName="0.8.5" > , Integer, JsonE sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { + @Override + public boolean verify(String hostname, SSLSession session) { + return true; + } + }); } catch (Exception e) { e.printStackTrace(); diff --git a/src/org/fox/ttrss/FeedsFragment.java b/src/org/fox/ttrss/FeedsFragment.java index 8be4d92e..7462876c 100644 --- a/src/org/fox/ttrss/FeedsFragment.java +++ b/src/org/fox/ttrss/FeedsFragment.java @@ -15,8 +15,10 @@ import java.util.Comparator; import java.util.HashMap; import java.util.List; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; @@ -606,6 +608,12 @@ public class FeedsFragment extends Fragment implements OnItemClickListener, OnSh sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { + @Override + public boolean verify(String hostname, SSLSession session) { + return true; + } + }); } catch (Exception e) { e.printStackTrace();